
Openldap 2.0 -> 2.2 migration

Started looking at the much dreaded (Debian Sarge related) migration from openldap 2.0 -> 2.2. The new version of openldap is stricter in what is allowed in an ldap tree and what is not, so you need to make sure you have a structural objectclass for every entry etc. etc. Knocked up a few scripts that "fixed" the ldap tree to be more 2.2-conforming, upgraded the server and everything was fine. The last thing to test out was the replication from a 2.2 master to multiple (around forty, spread all over the country) 2.0 slave servers. It works quite fine so far (tested on entry additions/removals, attribute additions, changes, removals and on modrdn operations). You have to tell the master server not to replicate the newly introduced attributes (structuralObjectClass, entryUUID, entryCSN). So the replica line looks like this:

# do not replicate the attributes introduced after 2.0
replica host=woody-slave.int.example.orge:389 bindmethod=simple
    binddn=cn=replicator,dc=example,dc=org credentials=foor
    attr!=structuralObjectClass,entryUUID,entryCSN
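
With around forty slaves, a single replica directive that lacks the exclusion list is easy to miss. The following is an added example, not code from the original post: it parses a slapd.conf, joins continuation lines, and reports for each replica directive which of the three attributes are not excluded. The sample config, host names and function names are constructed for illustration.

```python
import shlex

# Attributes the post says a 2.2 master must not send to 2.0 slaves.
REQUIRED_EXCLUDES = {"structuralobjectclass", "entryuuid", "entrycsn"}

# Constructed sample slapd.conf fragment (hosts and credentials are made up).
SAMPLE_CONF = """\
# master database
database bdb
suffix "dc=example,dc=org"
replica host=slave1.example.org:389 bindmethod=simple
    binddn="cn=replicator,dc=example,dc=org" credentials=secret
    attr!=structuralObjectClass,entryUUID,entryCSN
replica host=slave2.example.org:389 bindmethod=simple
    binddn="cn=replicator,dc=example,dc=org" credentials=secret
    attr!=entryUUID
replica host=slave3.example.org:389 bindmethod=simple
    binddn="cn=replicator,dc=example,dc=org" credentials=secret
"""

def logical_lines(text):
    """Join continuation lines: slapd.conf continues a directive on any
    following line that starts with whitespace."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def check_replicas(conf_text):
    """Map each replica target to the required excludes it is missing."""
    findings = {}
    for line in logical_lines(conf_text):
        tokens = shlex.split(line)
        if not tokens or tokens[0].lower() != "replica":
            continue
        opts = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        excluded = {a.strip().lower() for a in opts.get("attr!", "").split(",")}
        target = opts.get("host") or opts.get("uri") or "<unknown>"
        findings[target] = sorted(REQUIRED_EXCLUDES - excluded)
    return findings

if __name__ == "__main__":
    for target, missing in check_replicas(SAMPLE_CONF).items():
        print(target, "OK" if not missing else "missing: " + ",".join(missing))
```

An empty list for a target means all three attributes are excluded for that slave.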

Smashing Pumpkins - Drown
